This could be classified as a bug, yes. You're welcome to file an issue, or write your own authorizer that knows how to handle commas better.
--Misagh -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Richard Frovarp Sent: Monday, November 21, 2016 3:38 PM To: CAS Community <[email protected]> Subject: [cas-user] Securing CAS 5.0 Management Webapp I'm having difficulty understanding how to configure the security layer for the CAS management webapp, if I don't want to use a static list. If I provide cas.mgmt.authzAttributes=memberOf, then it would seem that I should set cas.mgmt.adminRoles to the group. In theory this might seem like it should work. However, AD groups have commas in them, and the code is splitting on commas. The Spring documentation for the method is a bit vague, but it appears that quoting the string that you don't want split, doesn't work. This is despite StringUtils in Spring referring to CSV. So there is no way for the whole to be equal to the first bit. Is this a bug, or am I just doing it wrong? Documentation for the LDAP module is lacking, and I can't quite guess what I'm supposed to do there. I was thinking about using the userPropertiesFile, but that doesn't appear to be read after startup. So I'd have to have Puppet update the static file, then manually restart the management application (via Tomcat Manager, which is protected by CAS). Thanks, Richard -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/75874cc7-09a5-6050-88a9-57659a15997b%40ndsu.edu. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/00c601d244d4%2463887b10%242a997130%24%40unicon.net.
